SAN BRUNO, CA--(Marketwire - November 20, 2007) - IronPort® Systems, a Cisco business unit
and a leading provider of enterprise spam, virus and spyware protection,
today announced the introduction of fully integrated Payment Card Industry
(PCI) Data Security Standards compliance for email. The new functionality
is included in IronPort's AsyncOS™ operating system, which powers
IronPort's existing and new, purpose-built email security appliances for
retailers and other organizations that handle credit and debit card
transactions. The introduction of this functionality into the new IronPort
C150™ and IronPort C350™ email security appliances gives small to
medium-sized businesses a single, fully integrated solution that combines
traditional email security functions (like spam and virus filtering) with
work-flow based functions (such as policy creation, content scanning, and
message encryption, quarantining and/or archiving).

"IronPort delivers a PCI solution that is directly incorporated in our
existing email security appliances," said Tom Gillis, Vice President of
Marketing for IronPort. "The latest reports from Visa show that
thirty-five percent of retailers that are not PCI compliant, despite the
September deadline and fines of $25,000 per month for non-compliance. The
next largest retailers, level 2 merchants worldwide, have a December
deadline and are increasingly focused on becoming compliant. The good news
is that IronPort's appliances can prevent PCI violations while also
stopping more than 99 percent of all unwanted email, resulting in the
ultimate compliant, spam-free user experience."

PCI Compliance Requirements and Effects on Retailers

PCI mandates that customers provide a secure transmission medium for
sensitive cardholder information and maintain a vulnerability management
program. Anti-virus programs must be used, regularly updated and capable
of detecting, removing and protecting against all forms of malicious
software. Companies who are not PCI compliant are subject to fines up to
$500,000 per incident, greater scrutiny and additional penalties --
including revoking the ability to process their debit and credit cards. In
addition to fines and penalties, non-compliant companies are subject to
related public disclosure regulations (causing a loss of customer trust and
brand equity), which could lead to lower revenues and shareholder revenues.
As a result, retailers and other organizations that handle cardholder
information around the world are particularly focused on rapidly deploying
a solution to address PCI compliance.

"Retailers and other high-volume debit and credit card merchants, issuers,
and information-based organizations worldwide face the complex task of
securing personal cardholder information. These complex regulations often
require wholesale changes to internal and externally facing security
practices," said Brian Burke, Director, Secure Content and Threat
Management for IDC. "Retailers and other organizations need to comply to
protect their customers and protect themselves and their brand. Small and
medium-sized businesses are in special need of security in an easy to
deploy solution that they can manage with minimal resources. IronPort
provides this with email security appliances that meet PCI compliance
requirements in an easy to administer, transparent manner."

PCI Compliance Made Easy

IronPort's PCI compliance solution and advanced search capabilities are
directly integrated into its email security appliances and assist in
identifying debit and credit card numbers, and sensitive cardholder
information, by utilizing advanced rule sets to confirm their legitimacy.
Because sensitive information can be sent over a wide variety of attachment
types, IronPort's advanced content scanning capabilities extend to all
parts of email and attachments, including more than 400 different file
types -- regardless of how it is embedded. As sensitive information is
identified, the corresponding messages can be automatically encrypted for
secure delivery, without requiring any action by either the sender or
recipient. Compliance officers can also choose other remediation options
including connection-based encryption, quarantining, archiving, user
notification and self-remediation. To regularly demonstrate effectiveness,
compliance officers may choose to take advantage of auditable reporting
capabilities that extend to the per-user level, allowing greater user
education for those who need it most. These automatic scanning and
remediation capabilities help to ensure that all transmission of cardholder
information across open, public networks can be secure. All of these
capabilities are incorporated in IronPort's Web-based Email Security
Manager™ policy management tool, providing ease-of-deployment and use.

"Given the growing incidences of fraud and public exposure regulations that
now exist, PCI compliance and the complete protection of our sensitive
personal information is a top priority for our customers," said Barry
Johnson, Director for Risk Mitigation at IGXGlobal, an information security
service firm specializing in assisting clients in understanding and
complying with privacy regulations. "Whereas most elements of PCI
compliant solutions are quite complex, IronPort has provided customers with
a PCI compliance solution for email that is easy to deploy, use and manage.
Not only can IronPort customers enable PCI compliance on their existing
email security appliances with a few mouse clicks and provide end-users the
protection they deserve, they can also ease validation efforts through
IronPort's comprehensive audit and reporting capabilities."

IronPort's Next Generation Hardware Provides Capacity for PCI and Other
Advanced Features

The IronPort C150 and IronPort C350 are the latest in a series of
high-performance email security appliances, optimized for small and
medium-sized customers. By taking advantage of multi-core based hardware,
IronPort's proprietary operating system, AsyncOS, is able to provide the
appliances with the highest capacity of any other similarly configured
system. These purpose-built appliances allow IronPort to not only deal
with the growing volume of spam, but also apply more CPU processing to each
message and therefore enable more advanced PCI scanning algorithms and
remediation. Coupled with monitoring, reporting and management
capabilities, the IronPort C350 and IronPort C150 are clearly the right
choices for the most demanding PCI customers in the world.

About IronPort Systems

IronPort Systems, headquartered in San Bruno, California, is a business
unit of Cisco Systems, Inc. IronPort is the leading provider of
anti-spam, anti-virus and anti-spyware appliances for organizations ranging
from small businesses to the Global 2000. IronPort appliances utilize
SenderBase®, the world's largest email and Web threat detection network
and database. IronPort products are innovative and easy-to-use -- providing
breakthrough performance and playing a mission-critical role in a company's
network infrastructure. To learn more about IronPort products and services,
please visit: http://www.ironport.com/.